1. Field of the Invention
The present invention relates to information security, and more particularly, to a security method and system for maintaining security between a client and server and a computer-readable medium storing a computer program for executing the security method.
2. Description of the Related Art
Recently, more home appliances have been developed to access the Internet and to include universal serial buses (USBs) or compact discs (CDs), thereby enabling users to input or output data. Such consumer electronics (CE) devices have evolved from home appliances providing simple functions to devices capable of performing complicated functions while communicating with external devices with the aid of high-performance, multi-functional operating systems (OSs). Accordingly, the demand for updating existing OSs and software prograns has steadily grown. However, the maintenance of security when inputting data to CE devices or allowing CE devices to receive update files has not been sufficiently taken into account, thus exposing CE devices to the risk of being damaged by malicious attacks, such as viruses or hacking, or being accessed by unauthorized users.
Conventionally, a client encrypts data with its own private key and transmits the encrypted data to a server. Then, the server authenticates the encrypted data, encrypts data to be transmitted to the client with its own private key, and transmits the encrypted data to be transmitted to the client. In other words, the client and the server authenticate each other and then decide to transmit data to each other based on the authentication results. Such conventional security techniques, however, involve encryption and decryption processes that are highly complicated and time-consuming. In particular, the performance of CE devices may considerably deteriorate when such conventional security techniques are applied to the CE devices. Therefore, it is necessary to develop efficient security methods and systems.